# Perform a firmware Over-The-Air update for AWS IoT ExpressLink Perform a firmware OTA update To perform a irmware Over-The-Air update for AWS IoT ExpressLink, the following must be completed: **Topics** + [ # Prerequisites ](elgsg-setup-ota-update-prereqs.md) + [ # Create a firmware update job in AWS IoT ](elgsg-setup-ota-update-create.md) + [ # Monitor and apply a new firmware update for AWS IoT ExpressLink ](elgsg-setup-ota-update-monitor.md) # Prerequisites You must have received a firmware image signed by the manufacturer of your ExpressLink module. Along with the firmware image, you will also have additional signing metadata such as: + signature hashing algorithm used (Example: SHA-256) + signature encryption algorithm used (Example: ECDSA) + actual signature encoded using the base64 encoding format. + (Optional) path name (a string) which identifies the location where the certificate is provisioned in the ExpressLink module Finally, before you proceed, you should create an OTA Update role in your AWS account using the steps outlined in [ Create an OTA Update service role](https://docs.aws.amazon.com/freertos/latest/userguide/create-service-role.html). # Create a firmware update job in AWS IoT 1. Open the [AWS IoT console](https://console.aws.amazon.com//iot/home). Choose **Manage** then choose **Jobs**. Choose **Create job**, **Create FreeRTOS OTA Update Job**, then choose **Next**. 1. Enter a job name which is unique within your AWS account. Enter an optional description. Choose **Next**. 1. From the **Devices to update** dropdown, choose the thing name associated with your ExpressLink module when it was registered with the account. Choose **MQTT** as the protocol that will be used to perform the transfer, and unselect **HTTP** if it is selected. 1. Choose **Use my custom signed file**; this will display a form to be filled in. Use the details from [Prerequisites](elgsg-setup-ota-update-prereqs.md) to fill in the form. 1. In the **signature** field, enter the base64 encoded signature for the image. From the **Original hashing algorithm** drop down, select the hashing algorithm provided by the manufacturer. From the **Original encryption algorithm** drop down, select the encryption algorithm provided by the manufacturer. In the **Path name of code signing certificate on device**, enter the path name, if any is provided by the manufacturer. (If the path name is not provided, then you can just enter 'NA'.) 1. Choose **Upload a new file**, then **Choose file** and upload the image you received from the manufacturer. Choose **Create S3 bucket** for the new uploaded image and proceed with creating a new bucket. If needed, you can also choose an existing bucket in your account by selecting **Browse S3** option. 1. Under **Path Name of file on device** you can enter 'NA' if the image is not targeted as an executable file within a filesystem. 1. From the **File type** drop down select a value (default is 0) to signify this is an ExpressLink firmware update as opposed to a host firmware update. 1. From the **role** dropdown under the **IAM role** section, select the OTA update role you created above. Choose **Next**. 1. Choose **Create Job**. If the job creation was successful, it should list the job name and state as 'in progress'. # Monitor and apply a new firmware update for AWS IoT ExpressLink After you create a firmware update job as described in the previous section, the ExpressLink module polls for firmware update jobs, receives and validates a job, and enters a state waiting for the update to be accepted. The host application receives an OTA event that indicates a new firmware image is available for the ExpressLink module. 1. Use the host terminal application to query the state of the job. Enter the command: ``` AT+OTA? ``` You should see the module respond with 'OK 1 *version*' to verify that a module OTA firmware update was proposed. 1. To accept the new firmware update, use the host terminal application to issue the command: ``` AT+OTA ACCEPT ``` 1. The ExpressLink module should now start downloading the firmware update from the cloud. You can monitor the state of the job using the 'AT\$1OTA?' command. When the download is complete and the image signature validation is successful, the host terminal application receives an event that indicates the module is ready to apply the new image. 1. Direct the module to apply the new image by issuing the command: ``` AT+OTA APPLY ``` 1. The ExpressLink module now reboots and boots up with the new image. The host terminal application receives a 'STARTUP' event indicating the new image is booted. To see the event, issue the command: ``` AT+EVENT? ``` Note: the event queue is shown in FIFO order, so you may have to issue the 'AT\$1EVENT?' command multiple times, depending on how many events are in the queue. 1. Use the host terminal application to direct the module to reconnect to AWS IoT by issuing the command: ``` AT+CONNECT ``` The ExpressLink module should now connect to AWS IoT, complete the self-test and mark the image as valid (preventing any further rollback to the old image). 1. Return to the AWS IoT console and verify that the job status is marked as completed and succeeded.